Hi! I recently tried to rekey our AFS - at last - following the ´basic procedure´ from https://www.openafs.org/pages/security/how-to-rekey.txt and https://www.openafs.org/pages/security/install-rxkad-k5-1.6.txt. My setup runs OpenAFS 1.8.5 and MIT Kerberos 1.17-3 on Debian.
Afterwards obtaining tokens with aklog failed with error code 19270408 (ticket contained unknown key version number): | $ aklog | afs: Tokens for user of AFS id 997 for cell itp.tugraz.at: rxkad error=19270408 (server 129.27.161.138) | afs: Tokens for user of AFS id 997 for cell itp.tugraz.at: rxkad error=19270408 (server 129.27.161.139) | afs: Tokens for user of AFS id 997 for cell itp.tugraz.at are discarded (rxkad error=19270408,server 129.27.161.95) I'm not sure whether I should run "akeyconvert" after copying the Kerberos keytab to the servers? In my opinion we should have a file /etc/openafs/server/KeyFileExt, but it's not mentioned in the docs. Best regards, Andreas -- Andreas Hirczy <[email protected]> https://itp.tugraz.at/~ahi/ Graz University of Technology phone: +43/316/873- 8190 Institute of Theoretical and Computational Physics fax: +43/316/873-10 8190 Petersgasse 16, A-8010 Graz mobile: +43/664/859 23 57 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
